Impersonation using JavaScript in D365

We can also impersonate a user using javascript in WebAPI by just passing the callerId in header. The impersonator should have the delegate role ( prvActOnBehalfOfAnotherUser) privilege.

impersonateuser

Below is the sample code for that.

var entity = {};
        entity.subject = value;
        entity["regardingobjectid_contact@odata.bind"] = "/contacts(" + recordId + ")";

        var req = new XMLHttpRequest();
        req.open("POST", serverUrl + "/api/data/v9.0/tasks", true);
        req.setRequestHeader("OData-MaxVersion", "4.0");
        req.setRequestHeader("OData-Version", "4.0");
        req.setRequestHeader("Accept", "application/json");
        req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
        req.setRequestHeader("Prefer", "odata.include-annotations=\"*\"");
        req.setRequestHeader("MSCRMCallerID", "60FBEAFB-7724-EB11-A813-000D3A569CF5");

        req.onreadystatechange = function () {
            if (this.readyState === 4) {
                req.onreadystatechange = null;
                if (this.status === 204) {
                    Xrm.Utility.alertDialog("New Task Record Created with Related Contact");
                } else {
                    Xrm.Utility.alertDialog(this.statusText);
                }
            }
        };
        req.send(JSON.stringify(entity));

We get a task created with following audit :

If a field is having FLS (Field level security) enabled then it won’t allow access even if the impersonated user has full access but impersonating user doesn’t have access to the field.

Below is the full code where we trigger a Create Task on click on ribbon button. We read the value from custom entity ps_configurationsetting and then create task with the same subject. If the calling user doesn’t have access to FLS, impersonation wont help too.

ContactRibbon = {
    CreateTask: function (context) {
        var formContext = context;
        var recordId = formContext.data.entity.getId().replace("{", "").replace("}", "");
        var globalContext = Xrm.Utility.getGlobalContext();
        var serverUrl = globalContext.getClientUrl();

        var url = Xrm.Page.context.getClientUrl() + "/api/data/v9.1/ps_configurationsettings?$filter=ps_key eq 'azurekey'";
        var reqCS = new XMLHttpRequest();

        reqCS.open("GET", url, false);
        reqCS.setRequestHeader("Accept", "application/json");
        reqCS.setRequestHeader("Content-Type", "application/json; charset=utf-8");
        reqCS.setRequestHeader("MSCRMCallerID", "60FBEAFB-7724-EB11-A813-000D3A569CF5");
        reqCS.send();

        if (reqCS.readyState == 4) {
            if (reqCS.status == 200) {
                var data = JSON.parse(reqCS.response);
                if (data != null && data.value.length > 0) {
                    var value = data.value[0].ps_value;
                }
            }
            else {
                alert("Error: " + reqCS.responseText);
            }
        }
        var entity = {};
        entity.subject = value;
        entity["regardingobjectid_contact@odata.bind"] = "/contacts(" + recordId + ")";

        var req = new XMLHttpRequest();
        req.open("POST", serverUrl + "/api/data/v9.0/tasks", true);
        req.setRequestHeader("OData-MaxVersion", "4.0");
        req.setRequestHeader("OData-Version", "4.0");
        req.setRequestHeader("Accept", "application/json");
        req.setRequestHeader("Content-Type", "application/json; charset=utf-8");
        req.setRequestHeader("Prefer", "odata.include-annotations=\"*\"");
        req.setRequestHeader("MSCRMCallerID", "60FBEAFB-7724-EB11-A813-000D3A569CF5");
        req.onreadystatechange = function () {
            if (this.readyState === 4) {
                req.onreadystatechange = null;
                if (this.status === 204) {
                    Xrm.Utility.alertDialog("New Task Record Created with Related Contact");
                } else {
                    Xrm.Utility.alertDialog(this.statusText);
                }
            }
        };
        req.send(JSON.stringify(entity));
    }
};

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: